> There is no evidence of any recent change either to the operational
> circumstances or to the available alternatives. So no update is appropriate
> at this time.

One major recent change is the publication of WESP [RFC 5840] and the standard for using Heuristics for detecting ESP-NULL packets [RFC 5879]. This takes away one major reason why folks wanted to use AH - that of being able to deep inspect packets. Even the NIST guidelines for IPv6 deployment say that the main argument in favor of AH is the ability to inspect packets. With WESP even that goes away.

BTW, the Advanced Network Technologies Division of NIST has started work on supporting the WESP header and ESP-NULL detection.

http://dns.antd.nist.gov/ipv6/

Cheers, Manav
